baize-task-bot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches its outbound-call operations purpose, but it can change live calling tasks and accounts using an under-declared Baize token and local cached task data.
Install only if you operate the Baize outbound-call platform and are comfortable granting the agent live operational authority. Use a least-privilege BAIZE_TOKEN, confirm the API host, verify local JSON data against the live system before approving writes, and approve each start/stop/account/concurrency change only after checking the exact details.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could start or alter outbound call campaigns, change concurrency, switch lines, or create accounts.
The skill exposes live operational tools that can start, stop, resume, and reconfigure outbound calling tasks and create accounts. The confirmation instruction is a mitigating control, but users should treat these as high-impact actions.
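`start_task` | Start the specified outbound-call task ... `change_concurrency` | Adjust the concurrency of a running task ... `create_main_account` | Create a new main account (operations account), administrators only ... Before any write operation, the operation details must first be shown to the user, and the operation is executed only after the user confirms.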
Require explicit human confirmation for every write action and verify task IDs, line IDs, concurrency values, account names, and expected effects before approving.
A broad or admin Baize token could let the agent make substantial changes to calling operations and accounts, even though the registry metadata does not warn that such a credential is used.
The registry contract says no credential is needed, but the skill documentation and code use a Baize API token for authenticated write operations. That makes the credential and privilege boundary under-declared.
metadata: `Required env vars: none` / `Primary credential: none`; SKILL.md: `BAIZE_TOKEN`: API authentication token; skill.py: `headers = {"token": _BAIZE_TOKEN, "Content-Type": "application/json"}`
Declare BAIZE_BASE_URL and BAIZE_TOKEN in metadata, use a least-privilege token, avoid admin tokens unless required, and restrict which API host the token may be sent to.
A stale local task list could cause a user to approve an operation that affects a different live campaign than intended.
The workflow resolves task and line IDs from manually maintained local JSON files, then applies writes to the live Baize API. If the local data is stale or edited incorrectly, the agent may apply changes to the wrong live task or line.
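Query operations read from local files; write operations call the Baize outbound-call platform API. ... When the user mentions a task name, first call `query_tasks` to get the task ID, then perform the operation. ... To update the local data, edit the corresponding JSON file directly.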
Before any live write, verify the target task and line against the live Baize platform or require the user to provide and confirm exact IDs from the current system.
